package cn.iocoder.yudao.module.call.framework.security.config;


import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
import cn.iocoder.yudao.module.call.framework.security.core.filter.CallModuleTokenAuthenticationFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.annotation.Resource;

@Configuration(proxyBeanMethods = false, value = "callModuleSecurityConfiguration")
public class CallModuleSecurityConfiguration {
    @Resource
    private CallModuleTokenAuthenticationFilter callModuleTokenAuthenticationFilter;

    /**
     * 自定义一个拦截器，用于处理 call module 发起的ws-call连接请求
     *
     * @return
     * @author PetePower
     * @since 2024-04-02
     */

    @Bean("callModuleAuthorizeRequestCustomizer")
    public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {

        return new AuthorizeRequestsCustomizer() {
            @Override
            public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
                registry.antMatchers("/infra/ws").permitAll();
                registry.and().addFilterAfter(callModuleTokenAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
            }
        };
    }
}
